Anti-Trojan Reviews - Literature Survey

Home      What is a Trojan Horse?      How we reviewed anti-trojans     About us

Most of the tests and reviews that have been carried out have been based on scanning. In this type of test, the reviewer selects a test set of trojans and then scans the set with each anti-trojan product. The anti-trojan programs are then ranked  according to the number of trojans detected.

This straightforward approach may seem attractive but it has many limitations which may explain why a number of these tests have produced conflicting results. It would going too far to say such tests should be ignored but it would be equally foolish to make too much of them.

Fortunately a few diligent reviewers have departed from this pattern. The University of Illinois test (see below) was an excellent piece of work involving test of both scanning and monitor detection under various compression schemes.  The Rokop Security test (below)  in Germany was also noteworthy for it's comprehensiveness. We suggest you give both these reviews your close attention. 

An alternative source of guidance comes from security forums and news groups. You should check out this survey of the anti-trojan products actually used by those who have an interest in security.

Reviews

University of Illinois at Urbana-Champaign, Privacy and Security

There are actually two separate reviews here. In the first review in February 2002, they evaluated a number of products by testing their ability to detect the Sub7 2.13 MUIE server packed under 6 different variety of executable compression schemes.  Both passive file scanning and real time monitoring was tested, the later with both the monitor pre-loaded or subsequently executed. 

Although only one Trojan was tested, it is one of the most common and deadly. If a program failed to detect Sub7 , there is reason to be concerned.

   Scan Monitor 1  Monitor 2
 The Cleaner 3.2  1  6  1
 Lockdown Pro 1.1  2  6  6
 AVP 3.5  5  5  5
 Innoc. IT PE  5.2.9  2  2  2
 F-Prot for DOS 3.11b  2  n.a.  n.a.
 Tauscan 1.6  3  3  3
 TDS-3  6  n.a.  n.a.

The figures in the table show the number of positive identifications in the 6 different tests i.e. 6 is a perfect score

One of the conclusions is of note "signature scanning alone is not as  effective an anti-trojan solution as a set of layered defenses that  protects not only against known trojan servers, but also against changes  to auto-start locations in the Registry and other system files, as well as against unwanted applications listening on ports".

Overall a pretty useful review under real conditions.  It's a pity though they didn't test the TDS-3 in-memory monitor as it was not available in the demo version.

The second review in this series from March 2002 the same methodology was applied to a different set of anti-trojan programs. Unfortunately the results may be distorted by an unknown degree by virtue of the fact that 2 of the software developers, BOClean and Trojan Hunter had the opportunity to update their products in the course of the trials. 

  Scan Monitor Monitor
Ants 2.1 2 n.a. n.a.
AVG AV 6.0 2 2 2
BOClean 4.09 n.a. 6 6
McAfree AV 5.21 5 6 6
Norton AV 2001 1 6 1
PestPatrol 3 2 n.a. n.a.
TrojanHunter 2.53 6 6 6

RokOp Security.

This German site tests anti-virus and anti-trojan suites each month. In July 2002 they tested 5 well known anti-trojans against a  single "common backdoor" trojan configured using 5 varying compression schemes.  At least that's what I think they did as I had to rely on BabelFish to translate the German site!

TDS-3 came out on clearly top and was the only product to pick up the backdoor trojan in any of the disguised forms.   Trojan Hunter did reasonably well with The Cleaner, Tauscan and PC Doorguard performing similarly but well below the performance level of the top products.

http://www.wilders.org/anti_trojans.htm

Here ratings here are really opinions based on features and user feedback from the popular Wilders security forums. Ratings were awarded on a five point scale.

 TDS-3 v3.2.1  5.00
 BoClean  5.00
 Trojan Hunter  4.75
 Pest Patrol  4.00
 Tauscan  3.25
 The Cleaner  3.00

Scanning Tests

PC Magazine

A somewhat controversial review based largely on how many trojans were detected from scanning a sample set. Ratings were awarded on a five point scale. This review drew rather heated comment from readers. The Editors subsequently added a "user rating" as well as their own. In the readers ratings, TD3 was promoted to 5 stars while PestPatrol was reduced to 4.

 PC Mag Rating  User Rating
Tauscan 1.6  *****  *****
PestPatrol  *****  ****
TDS-3  ****  *****
Anti-Trojan 5.5  ***  
Anti Ghostbusters Pro 3  ***  
Digital Patrol 3.2f  ***  
Trojan Remover  **  ***

http://www.trojaner-info.de

This German website has run some very useful anti-trojan detection tests using several different test sets including common and uncommon trojans and backdoors.  A good English summary can be found at http://www.claymania.com/tests-trojan.html.  Unfortunately the tests are a little dated and the majority of the 20 products tested were virus scanners rather than specific anti-trojan products. Furthermore several of the top anti-trojans such as TDS-3 and BoClean were not tested at all.

In these tests, the specialist virus scanners generally outperformed their anti-trojan cousins, a finding somewhat out of step with other results. This may be a reflection of the test sets used. The top performing product was the Kaspersky Anti-Virus Suite. The top anti-trojan product varied from test set to test set with Ants 2.0 and The Cleaner generally doing quite well though well behind the top anti-virus suites. Trojan Hunter 1.0 tailed the field. 

Dark-e.com

 A simple test of 3 products documenting the number of trojans found in scanning a database of 1827.

TDS-3    1051
The Cleaner 3.02   1105
Tauscan 1.5   1098

PC Flank

Another scanner test with a database of 1390 Trojans.

Tauscan 1.6 1332 96%
 Kaspersky AntiVirus 3.6.1 1192 86%
TDS-3 1037 75%
Dr.Web 1034 74%
PC DoorGuard 1029 74%
Panda AntiVirus 1021 73%
The Cleaner 3.2 992 71%
McAfee VirusScan 5.21 974 70%
PestPatrol 865 62%
Norton AV 7.01 676

49%

Of particular note in this review is the poor performance of PestPatrol and Nortan AV and the good performance of the Tauscan and the Kaspersky Anti Viral Suite.  The rest falls into the middle.

http://www.hackfix.org/miscfix/icons-at.shtml

In this review the scanning ability of three anti-trojans were tested against a set of 100 or so standard trojans. The detection rates were:

Pest Patrol 99%
The Cleaner 91%
PC Doorguard 80%

Unfortunately the review does not indicate the scanner version numbers nor does it identify the release numbers of the test trojans.

NSTL Test Report (Adobe PDF file)

This report from the NSTL was commissioned by SaferSite, the folks that make PestPatrol.  Oddly enough Pestpatrol was the top performing product of the 13 tested. This finding is not surprising for the particular test set involving non-trojan type pests such as hacker tools because PestPatrol is one of the few products on the market to target these programs.  However the fact that PestPatrol easily outperformed all other products in detecting trojans is a surprise and somewhat out of step with other reviews including our own.
Apart from the NSTL study, Safersite list two more reviews on their website conducted by their own research staff.  They are now somewhat out of date but you can find them here if you want to read them.

 

Advertisements:

The Best Backup Software: 18 backup programs reviewed and rated but only one get "Editor's Choice"

Inkjet Printer cartridges: The best places to buy cheap inkjet cartridges. We looked at 47 seven sites but could only recommend eleven.

 

Anti-trojan Software Reviews Home Page